URL: Mal warning, not related to browser

Greetings! Avast has generated a couple of “Threat has been detected” warnings that read

Infection Details
URL: http://afe.specificclick.net/?l
Process: C:\Program Files\Dell\DellDock\DockLogin.exe
Infection: URL:Mal

but when I run both a quick scan and a specific folder scan in Avast, no threat is found. Other posts I’ve seen seem to call this advertising-related. Would my best bet be to uninstall the DellDock and then re-install it? I find it quite handy so I would like to keep it if possible. I’m running Windows Vista. Any feedback would be appreciated. Thanks!

Provide us with the logs mentioned here: http://forum.avast.com/index.php?topic=53253.0
and a qualified removal expert will look into the matter…

polonus

Monitoring

Thanks for your assistance! Here are the requested logs (with operator IDs redacted).

The malwarebytes log reads:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.11.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Axxx :: Axxx-xx [administrator]

2/11/2013 12:45:20 PM
mbam-log-2013-02-11 (12-45-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304447
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

The aswMBR log reads:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-11 14:20:42

14:20:42.337 OS Version: Windows 6.0.6002 Service Pack 2
14:20:42.337 Number of processors: 2 586 0xF0D
14:20:42.338 ComputerName: xxxx UserName: xxxx
14:20:53.929 Initialize success
14:20:55.590 AVAST engine defs: 13021100
14:20:59.172 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-0
14:20:59.174 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
14:20:59.197 Disk 0 MBR read successfully
14:20:59.200 Disk 0 MBR scan
14:20:59.203 Disk 0 Windows VISTA default MBR code
14:20:59.207 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 133 MB offset 63
14:20:59.224 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 274432
14:20:59.254 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 220418 MB offset 31731712
14:20:59.258 Disk 0 Partition - 00 0F Extended LBA 2562 MB offset 483147776
14:20:59.288 Disk 0 Partition 4 00 DD MSDOS5.0 2561 MB offset 483149824
14:20:59.315 Disk 0 scanning sectors +488394752
14:20:59.453 Disk 0 scanning C:\Windows\system32\drivers
14:21:14.942 Service scanning
14:22:19.415 Service WRkrn C:\Windows\System32\drivers\WRkrn.sys LOCKED 32
14:22:21.062 Modules scanning
14:23:31.423 Disk 0 trace - called modules:
14:23:31.462 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
14:23:31.468 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x86a5f6b0]
14:23:31.473 3 CLASSPNP.SYS[8b1a48b3] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-0[0x85f1e030]
14:23:32.862 AVAST engine scan C:\Windows
14:23:39.574 AVAST engine scan C:\Windows\system32
14:28:44.351 AVAST engine scan C:\Windows\system32\drivers
14:29:32.907 AVAST engine scan C:\Users\xxxx
14:34:17.034 Disk 0 MBR has been saved successfully to “C:\Users\xxxx\Desktop\MBR.dat”
14:34:17.046 The log file has been saved successfully to “C:\Users\xxxx\Desktop\aswMBR.txt”

The remaining four logs are attached. Any light you can shed on this problem is appreciated. Thanks!

Hi, could you delete this link from the startup folder: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
As this adware attaches itself to links, if I tried to remove it, it may break the programme itself.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
FF - prefs.js..extensions.enabledAddons: %7B1392b8d2-5c05-419f-a8f6-b9f15a596612%7D:3.16.0.100

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So far, everything has run as suggested. The “quick scan” log after reboot is attached as OTL-2.txt.

Thanks for your help.

Is Avast still alerting?

It hasn’t done since we started the process, but before it was an intermittent thing. It had alerted when I checked my email this morning, but didn’t when I checked just now. The removal of the DellDock link kept it from starting after the last reboot; would it be safe to re-start it now?

Thanks.

Yes, you can reset it as a start item; it was just the link that needed to be removed.

Thanks for all your help!

Has that cleared the problem?